We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.

Clear the checkbox Scan executable files for vulnerabilities when running them and lock the setting,

Secure Virtual Machine Policy

Create a Secure Virtual Machine policy in the group of managed computers where SVMs are located.

Go to Update settings and clear the Update application modules checkbox. Close the lock.

Go to Settings for connecting SVMs to the Integration Server and specify the IP address (or FQND) of the machine with the Integration Server (the IP address of the Administration Server). Close the lock.

Verify that the policy is applied on the Secure Virtual Machines.

Windows Light Agent Policy

Create a policy for the Light Agent for Windows.

Open the policy properties and go to Anti-Virus protection → General Protection settings.

In the Exclusions and trusted applications section, click Settings.

If the VDI infrastructure is used in a Citrix environment, enable exclusions and trusted applications for Citrix XenDesktop, Citrix Provisioning Services, Citrix XenApp, Citrix EdgeSight, and Citrix Profile Manager. If they're not in the list, create a new policy and add them at the Exclusions step.

If the VDI infrastructure is used in a VMware environment, enable exclusions and trusted applications for VMware Tools and VMware Horizon View. If they're not in the list, create a new policy and add them at the Exclusions step.

If roaming user profiles are used, specify the path of the network folder where the profiles are located to avoid scanning on both a network and local level.

Go to the SVM discovery settings section. Make sure that Use Integration Server is selected and that the lock is closed.

Go to Settings for connecting to the Integration Server.

Specify the IP address (or FQDN) of the machine where Integration Server is installed (the IP address of the Administration Server).

Select the checkboxes Enable Dynamic Mode for VDI and Optimize Kaspersky Security Center 10 Network Agent settings for the virtual infrastructure. Disable vulnerability scan and inventory of applications and equipment. You can edit the current settings by using Network Agent policies.

After Network Agent has installed, open services.msc and launch it manually.

Launch the local installation of Kaspersky Security For Virtualization 5.x Light Agent on the golden image.

If you are using Citrix XenDesktop, select the checkboxes Ensure compatibility with Citrix Provisioning Services and Installation on the template for temporary VDI pools.

If you are using VMware Horizon View, select the checkbox Installation on the template for temporary VDI pools.

If the checkbox is selected, updates that require a protected virtual machine to restart will not be installed on the virtual machines deployed using this template. At the same time, Kaspersky Security Center 10 will send messages that database and application modules updates are required on the template.

We do not recommend selecting the Installation on the template for temporary VDI pools checkbox if the template will be used for creating a VDI infrastructure of one of the following types:

Citrix XenDesktop static dedicated catalog with local drives

VMware Horizon View automated pool of the full clone type

What to do after the installation

Verify that the Windows Light Agent policy has been applied. The golden image should have been handled by relocation rule created in Kaspersky Security Center. If the golden image does not meet the conditions of the relocation rule, move it manually into the managed group created for virtual machines.

Verify that the Light Agent is connected to the SVM: open thewindow locally in the interface of the Light Agent for Windows.